39 lines
1.6 KiB
Markdown
39 lines
1.6 KiB
Markdown
# StellaOps Scanner
|
||
|
||
Scanner analyses container images layer-by-layer, producing deterministic SBOM fragments, diffs, and signed reports.
|
||
|
||
## Responsibilities
|
||
- Expose APIs (WebService) for scan orchestration, diffing, and artifact retrieval.
|
||
- Run Worker analyzers for OS, language, and native ecosystems with restart-only plug-ins.
|
||
- Store SBOM fragments and artifacts in RustFS/object storage.
|
||
- Publish DSSE-ready metadata for Signer/Attestor and downstream policy evaluation.
|
||
|
||
## Key components
|
||
- `StellaOps.Scanner.WebService` minimal API host.
|
||
- `StellaOps.Scanner.Worker` analyzer executor.
|
||
- Analyzer libraries under `StellaOps.Scanner.Analyzers.*`.
|
||
|
||
## Integrations & dependencies
|
||
- Scheduler for job intake and retries.
|
||
- Policy Engine for evidence handoff.
|
||
- Export Center / Offline Kit for artifact packaging.
|
||
|
||
## Operational notes
|
||
- CAS caches, bounded retries, DSSE integration.
|
||
- Monitoring dashboards (see ./operations/analyzers-grafana-dashboard.json).
|
||
- RustFS migration playbook.
|
||
|
||
## Related resources
|
||
- ./operations/analyzers.md
|
||
- ./operations/analyzers-grafana-dashboard.json
|
||
- ./operations/rustfs-migration.md
|
||
- ./operations/entrypoint.md
|
||
|
||
## Backlog references
|
||
- DOCS-SCANNER updates tracked in ../../TASKS.md.
|
||
- Analyzer parity work in src/Scanner/**/TASKS.md.
|
||
|
||
## Epic alignment
|
||
- **Epic 6 – Vulnerability Explorer:** provide policy-aware scan outputs, explain traces, and findings ledger hooks for triage workflows.
|
||
- **Epic 10 – Export Center:** generate export-ready artefacts, manifests, and DSSE metadata for bundles.
|